IDS mailing list archives
RE: IDS, IPS or just rubbish?
From: "David J. Meltzer" <djm () intrusec com>
Date: Tue, 24 Jun 2003 23:28:42 -0400
They kept telling me about SQL Slammer and how this solution will stop
it.
What utter crap. Can anyone on this list tell me of a signature-based
IDS
which picked Slammer up in the 2-odd hours it needed to propogate?
Not to rehash old threads, but it was well established on focus-ids months ago (see the "Did IDSes detect the SQL worm? Thread) that at least ISS RealSecure, NFR, and Dragon all had pre-existing signatures for the buffer overflow Slammer exploited and picked it up. -Dave ------------------- David J. Meltzer djm () intrusec com CTO, Intrusec, Inc. ------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------
Current thread:
- IDS, IPS or just rubbish? Jack Ryan (Jun 24)
- RE: IDS, IPS or just rubbish? David J. Meltzer (Jun 25)
- RE: IDS, IPS or just rubbish? Rob Shein (Jun 25)
- RE: IDS, IPS or just rubbish? Curt Purdy (Jun 25)
- Re: IDS, IPS or just rubbish? Ravi (Jun 26)
- <Possible follow-ups>
- RE: IDS, IPS or just rubbish? Golomb, Gary (Jun 25)